Microsoft.Authorization roleAssignments 2017-10-01-preview

Template format

To create a Microsoft.Authorization/roleAssignments resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.Authorization/roleAssignments",
  "apiVersion": "2017-10-01-preview",
  "scope": "string",
  "properties": {
    "roleDefinitionId": "string",
    "principalId": "string",
    "canDelegate": "boolean"
  }
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Authorization/roleAssignments object

Name Type Required Value
name string Yes The name of the role assignment to create. It can be any valid GUID.
type enum Yes Microsoft.Authorization/roleAssignments
apiVersion enum Yes 2017-10-01-preview
scope string No Use when specifying a scope that is different than the deployment scope. See Setting scope for extension resources in ARM templates.
properties object Yes Role assignment properties. - RoleAssignmentProperties object

RoleAssignmentProperties object

Name Type Required Value
roleDefinitionId string No The role definition ID used in the role assignment.
principalId string No The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group.
canDelegate boolean No The delegation flag used for creating a role assignment

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Azure Cloud Shell - VNet

Deploy to Azure
This template deploys Azure Cloud Shell resources into an Azure virtual network.
Create a data share from a storage account

Deploy to Azure
This template creates a data share from a storage account
Assign an RBAC role to a Resource Group

Deploy to Azure
This template assigns Owner, Reader or Contributor access to an existing resource group.
RBAC - Existing VM

Deploy to Azure
This template grants applicable role based access to an existing VM in a Resource Group
SQL logical server.

Deploy to Azure
This template allows you to create SQL logical server.
Azure Synapse Proof-of-Concept

Deploy to Azure
This template creates a proof of concept environment for Azure Synapse, including SQL Pools and optional Apache Spark Pools
Create an on-demand SFTP Server with persistent storage

Deploy to Azure
This template demonstrates an on-demand SFTP server using an Azure Container Instance (ACI).
Create a WordPress site

Deploy to Azure
This template creates a WordPress site on Container Instance
Create ssh-keys and store in KeyVault

Deploy to Azure
This template uses the deploymentScript resource to generate ssh keys and stores the private key in keyVault.
RBAC - Grant Built In Role Access for multiple existing VMs in a Resource Group

Deploy to Azure
This template grants applicable role based access to multiple existing VMs in a Resource Group
RBAC - Create Managed Identity Access on Azure Maps account

Deploy to Azure
This template creates a Managed Identity and assigns it access to an a created Azure Maps account.
Azure SQL Server with Auditing written to a blob storage

Deploy to Azure
This template allows you to deploy an Azure SQL server with Auditing enabled to write audit logs to a blob storage
Terraform on Azure

Deploy to Azure
This template allows you to deploy a Terraform workstation as a Linux VM with MSI.
Hazelcast Cluster

Deploy to Azure
Hazelcast is an in-memory data platform that can be used for a variety of data applications. This template will deploy any number of Hazelcast nodes and they will automatically discover each other.
Create a resourceGroup, apply a lock and RBAC

Deploy to Azure
This template is a subscription level template that will create a resourceGroup, apply a lock the the resourceGroup and assign contributor permssions to the supplied principalId. Currently, this template cannot be deployed via the Azure Portal.
Assign a role at subscription scope

Deploy to Azure
This template is a subscription level template that will assign a role at subscription scope. Currently, this template cannot be deployed via the Azure Portal.
Assign a role at tenant scope

Deploy to Azure
This template is a tenant level template that will assign a role to the provided principal at the tenant scope. The user deploying the template must already have the Owner role assigned at the tenant scope.